CVE-2025-58078

HIGH

Productivity Suite <4.4.1.19 - Path Traversal

Title source: llm

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.

References (4)

[Various Sources] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json

View Writeup ZIP pw:eip

[Various Sources] https://support.automationdirect.com/docs/securityconsiderations.pdf

[Various Sources] https://www.automationdirect.com/support/software-downloads

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

Scores

CVSS v3 7.5

EPSS 0.0038

EPSS Percentile 58.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H

Classification

CWE

CWE-23

Status draft

Timeline

Published Oct 23, 2025

Tracked Since Feb 18, 2026